CVE-2012-2112
typo3-src - cross site scripting
EPSS 0.50%
Description
Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.
How to fix CVE-2012-2112
To remediate CVE-2012-2112, upgrade the affected package to a fixed version below.
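- Debian/typo3-src: upgrade to 4.3.9+dfsg1-1+squeeze4 or later
- Packagist/typo3/cms: upgrade to 4.4.15 or later (per the description above, the 4.5.x branch is fixed in 4.5.15 and the 4.6.x branch in 4.6.8, so stay at or above the fixed release of the branch you run)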
Is CVE-2012-2112 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/typo3-src: from 0, < 4.3.9+dfsg1-1+squeeze4
- Packagist/typo3/cms: >= 4.4, < 4.4.15